May 17, 2012

Contingency Plan and Crisis Management Efforts by BP under Fire from DHS

As we have mentioned before in postings on this website, there are many lessons to be learned from this unfortunate oil spill in the Gulf of Mexico. 

It is important for our readers and your organizational crisis management team members to find meaningful lessons from this tragic incident, and to observe both the strengths and weaknesses in the emergency response plan now being implemented by BP. Your organization does not have to be part of the oil industry to find those meaningful lessons, nor is the learning process limited to environmental compliance issues.

In this posting, we would like to focus on what we believe to be one of those lessons: be aware of the potential outcomes of writing a less than complete or realistic crisis management and emergency response plan for your organization, and widen the scope of the company-specific, relevant risk events you consider, covering both their effect on your organization’s business continuity plans and the impact such an event will have on the community and environment surrounding the organization.

To that point, we would like to direct your attention to a recent article in USA Today, in which Rick Jervis wrote that the 582-page document submitted by British Petroleum (BP), titled “Regional Oil Spill Response Plan — Gulf of Mexico,” was approved in July by the federal Minerals Management Service (MMS). The report offers technical details on how to use chemical dispersants and provides instructions on what to say to the news media, but it does not mention how to react if a deep-water well spews oil uncontrollably. Read Richard Jervis’s article in full, and remember to utilize some of the useful links in that article leading you to more timely information on this event.

Additionally, the emergency response plan prepared by BP mentions almost none of the techniques recently attempted by BP to contain the spewing well.

A statement that seems to sum up the lack of readiness in BP’s emergency response plan comes from Representative Nick Rahall (D-West Virginia), chairman of the House Natural Resources Committee, which is investigating federal oversight of oil spills: “These oil spill response plans suffer from what I would consider a ‘failure of imagination.’ It seems to me that there should be a Plan B, C and D in place before the accident occurs, not created in haste while millions of gallons of oil are spewing into the Gulf.”

Another aspect of BP’s plan that we would never want to see in any of our readers’ organizational risk management plans is the simple “cut and paste” methodology that leads to a “boilerplate” approach to writing such plans. Clearly there is risk in this approach. While there are some applications where similarities justify repeating certain language, it is much more obvious that you can become complacent with this “cut and paste” approach, to the point of missing critical issues and the response methodologies necessary to mitigate unforeseen events. BP’s emergency response plan seems to be a strong example of taking that risk.

Rick Steiner, a former University of Alaska marine scientist and an oil spill response consultant who has reviewed the plan, observes a similar “boilerplate” pattern in BP’s plan. Mr. Steiner states, “Parts of the document read like boilerplate used by BP from region to region and underscores the energy company’s inability to adequately prepare for a major spill in deep water …”

To further prove his point, in a recent posting on the Homeland Security Newswire website, Mr. Steiner points out that in a section titled “Sensitive Biological & Human-Use Resources,” the plan lists “seals, sea otters and walruses” as animals that could be impacted by a Gulf of Mexico spill, even though no such animals live in the Gulf. Read more…

In further response to BP’s disaster recovery and control efforts, the White House has already signaled that an end is needed to the “cozy relationship” that federal regulatory agencies have seemingly created with BP. Perhaps there is another important lesson to be learned here as well: you never want your organization to be in a situation where such negative attention is paid to your company. Read more…

Please pass this posting along to your enterprise risk management team members.

TJX and Heartland Data Breach Investigations Come to a Close

Information security and risk management team leaders often discuss data breach risks in their organization and how to mitigate those risks as quickly, effectively and economically as possible.

For many readers of this website, their companies’ security policies and controls, along with security audits and security analysis exercises carried out on a regular basis, are in place to avoid the negative consequences of a data breach to their organization.

Even with the proper tools and policies, those risk management teams struggle daily to mitigate their organization’s privacy rights violation risks.

Learning from others is an important part of that process, and with that in mind we recommend an article reporting on an interview between Kim Peretti and Tom Field, Editorial Director of the GovInfoSecurity website, entitled “Inside the TJX/Heartland Investigations”.

Ms. Peretti is a former Senior Counsel in the Computer Crime and Intellectual Property Section of the Criminal Division of the United States Department of Justice, located in Washington, DC. In her article, she offers an inside look at this data breach investigation, covering such areas of focus as: (1) how the investigations unfolded from beginning to end; (2) the significance of the conspirators’ sentences; and (3) lessons learned from these cases.

Please pass this information along to your information security risk managers; hopefully they can gain critical information from the “lessons to learn” section of the report and then add real value to their own information security audit and risk analysis activities.

Click here to read more…

Reminder: 2010 National Preparedness Month is September

We will be reminding our readers about this event from time to time, and as supporting activities are announced we will bring those dates, times and details to your attention.

One such introductory event has just been confirmed and announced:

FEMA is requesting your participation in the 2010 National Preparedness Month (NPM) Webinar to be held Tuesday, May 18th, 2010 at 3:00 PM EDT. 

The Webinar will introduce the 2010 Toolkit and more information on how to participate in NPM 2010.

September 2010 is the 7th annual NPM and this year will focus on encouraging Americans to work together to take concrete actions toward emergency preparedness.

Click here to learn more and register for this free webinar….

Information Governance and Information Security

With more discussions and awareness now surrounding the topics of e-discovery, privacy rights, information security and regulatory compliance regarding corporate security, we wanted to bring our readers’ attention to an interesting blog entry that was posted earlier this year.

The content of this entry was written and posted by Debra Logan, a member of the Gartner blog network and was entitled, “What Is Information Governance? And Why Is It So Hard?”

If your company is just now dealing with and trying to write policies and procedures around the information security concerns in company e-mail activities, then this article will give you some insight as to how the term “governance” fits and addresses current management needs for information security compliance within organizations.

We suggest reading more about this topic of information governance and passing this information along to your organization’s risk management and information security specialists and team members.

Even if information security and management of privacy rights for your company’s email activities are not a problem or concern today, we think they might well be in the future if the current trends of regulatory compliance continue to increase over the next several months.

Click here to read the full article.

American Idol and Preparedness Issues

by: Lisa DuBrock and Don Byrne, Contributing Writers

Over the past six months, businesses and communities have been forced to deal with an interesting variety of challenges, from underwear bombers and exploding volcanoes to an oil spill that threatens to devastate small coastal towns over a four-state area. Now another small community – Mt. Prospect, Illinois – is faced with yet another new challenge – American Idol!

Mt. Prospect is home to Lee DeWyze, who will be returning to the Chicago area on Friday, May 14th. Starting with an appearance on “Good Day Chicago”, Mr. DeWyze will spend the day giving local interviews, visiting an AT&T store and speaking at schools. The day will end with a motorcade beginning in Mt. Prospect, Illinois, and finishing at the Arlington Park Racetrack in Arlington Heights, IL, where DeWyze will be part of a free concert.

How should a working community (est. average family income is $67,946) with slightly over 53,000 people be prepared for the celebrity challenge of American Idol? Is there a crowd control element that needs to be addressed? These are just some of the questions asked of our team of preparedness and crisis management experts. The following “American Idol Fans – Crowd Management Checklist” was the result.

We wish Mr. DeWyze, Mt. Prospect, and everyone involved with this event a safe and enjoyable time!

American Idol Fans – Crowd Management Checklist

Event Planning
A safe and secure event begins with good planning. Questions to be asked at the outset include:

What are the core activities that comprise the overall event and what are the safety and security implications of each? Here are some examples:

  • Is the Chain of Command, especially across different departments and agencies (fire, police, event management, etc.) clear and documented?
  • Are the duties and responsibilities of each group clear?
  • Is there a system in place that allows event managers to communicate with each other?
  • Is there a well publicized and detailed timetable of the various activities including their location, how to travel to and from the event, and a discussion of what to do if weather or other factors cause a serious delay or cancellation? This is especially important if refunding of ticket purchases may be involved.
  • Is there sufficient support equipment available to service the needs of the anticipated crowd?
  • Will the Media be given special access and setup space for the event? If so, how are their power requirements going to be met and is there a secure area for mobile TV and Radio station equipment?

Event Location and Travel Routes

Will there be a parade or motorcade? (Mt Prospect plans a motorcade.) If so, arrangements must be made to re-route business traffic that would normally use the roads in and around the parade route. Notice must be given to these businesses so as not to disrupt the supply chain of goods to and from local businesses. Other considerations:

  • How will access be provided to emergency vehicles if they are needed?
  • Will concession stand vendors (e.g., those serving food) have special ingress and egress?
  • How will any performers be moved to and from the event? Car, van, bus, helicopter, etc.?
  • Where will the performers be housed? When will they arrive and depart – all this information needs to be in the hands of the event planners so notice can be given to the police department and other security groups.
  • Parking facilities should be clearly labeled and if these are not directly adjacent to the parade/motorcade route, then shuttle transportation should be available.
  • What type of crowd is expected? Will the event attract families with young children and seniors, or are teenagers, motorcycle enthusiasts, or anarchists protesting the G8 while discussing the latest repartee between Ryan Seacrest and Simon Cowell expected? In the former case, perhaps additional handicap and special parking space should be set aside, additional restroom facilities provided, and concession stands alerted to the make-up of the crowd so they can provision their kiosks appropriately.
  • Will alcohol be permitted and sold at the event?
  • If there is a parade/motorcade, where will it end? This is an important consideration because people may need transportation back to their parking locations. If the crowd doesn’t immediately disperse, are there food, drink, and entertainment facilities that can occupy them?
  • Are there “feeder” events earlier in the day that will set the tone for the final activities? If so, are these ones that are likely to get the crowd’s adrenaline pumping or will the mood be mellow? The attitude of a crowd after a football game with a rival team is much different than after a flower show or Oldies Concert! 

Physical Surroundings and Weather Conditions

The setting has much to do with establishing the character of the event. For example, will the event(s) be held indoors or outside? Are tickets required or is this a free event? What are the expected weather conditions? All these factors will impact the size of the crowd, their mood, and how long they will linger after the event finishes. Here are some additional items to consider in the context of the venue and weather conditions.

  • If the event is being held indoors, how will crowd movement be managed? Will people be expected to exit from the same direction they entered or will they be routed in a different way to their vehicles/transportation? In either case, good signage is a must!
  • Does the setting have any type of public address system for making announcements to the crowd? One key lesson learned when dealing with large scale events is that keeping the crowd advised of delays and the reason for delays helps control tempers and the frustration that builds in the absence of information. Such announcements also help squelch rumors, which can ignite unwanted behavior. 

Security and Safety

While local police officials have overall responsibility for the security of the event, many events will involve the use of untrained or slightly trained security personnel. Here are some things to consider when planning for the safety and security of all attendees.

  • The visible presence of police and security personnel can do much to set the tone of the event. Stationing police in full riot gear regalia around the periphery of the event sends a very different message to the crowd than having volunteers in brightly colored T-Shirts or jackets emblazoned with the words Event Management walking around the area.
  • Will private security be present? If so their plans should be shared with the local police and all activities coordinated. This information-sharing arrangement should be part of the permit process and contract procedures agreed to by the local authorities, the venue provider, and the event promoter. If performers are involved who have their own security, the plans for moving these individuals to and from the event must be coordinated with local authorities.
  • Will there be a crowd-screening process? Some level of screening will take place if tickets are required, but even at open events, some review of the crowd to weed out people who are intoxicated, inappropriately dressed, or display other provocative behavior should be considered. In all cases, if intervention is called for, the goals should be to isolate and remove those involved quickly and with as little disruption as possible from public view.
  • Local ordinances (example: “No open container alcohol permitted!”) and codes of conduct (“No bare feet.”) should be prominently posted along with other safety codes.
  • The integrity and privacy of neighboring property should be respected. 

Roles of the Performer and Promoter

Each performer should be briefed on his or her role in contributing to a safe and secure event. This responsibility should be made clear in the contract between the venue and the promoter who then has responsibility to convey this information to the performer(s). 

While we can’t predict who the next American Idol will be, we can say with confidence that if the guidelines above are followed, whoever wins will be able to focus on performing and not worry about concert safety or security!

Source of information on Lee DeWyze’s trip to the Chicagoland area: www.journal-topics.com
 

Will Business Continuity be Supported by the new U.K. Government?

Business Continuity and Disaster Recovery (BC/DR) have always been strongly supported in the U.K., and that support has always been promoted and explained through the excellent BC/DR content posted on the continuitycentral.com website.

To continue that legacy, the writers of continuitycentral’s website recently asked members of the new Conservative/Liberal Democratic coalition the following question: “How will the new government approach business continuity and its promotion?”

Since this website shares similar goals and objectives for the promotion of BC/DR, we support this action and recommend reading the outcome of their interviews, both to emphasize the real need that BC/DR has for governmental support in any country and for the level of importance that BC/DR-related issues should take in such an important election process in any country.

To read more about the questions asked and the answers received, click here.

Is there a lesson to be learned here?

FEMA Emphasizes Need of Business Continuity Plans

This website continues to focus attention on FEMA’s PS-Prep program, not only for the value and benefit PS-Prep can bring to your organization, but also for the value and benefit that PS-Prep offers to individuals and their families.

To that point, during a presentation at the Center for National Policy on April 23, Timothy Manning, deputy administrator for the Federal Emergency Management Agency, discussed the criticality of the private sector in national disaster preparedness and recovery capabilities.

A summary of that presentation is posted in a recent article written by Leischen Stelter on the Security Director News website.

Personal preparedness and personal disaster readiness levels have a direct relationship to the ability of a community to respond to and recover from a disaster. However, in his speech, Mr. Manning re-emphasized that the overall community recovery capability is still also largely dependent upon the business continuity plans of private businesses.

With this in mind, FEMA has been working to further support private sector businesses in increasing their resiliency and to assist in the writing and implementation of business continuity plans and programs for those businesses. This is being done through FEMA’s PS-Prep program.

Please pass this article along to your private sector organization’s business continuity and disaster recovery team members, and click here to read more of what Mr. Manning had to say on this important topic.

New Report Predicts Increased Use of e-Discovery by Organizations

Photo courtesy of blog.sonian.com

According to new research results from a CompTIA study, organizations have stated that they will increase their use of electronic discovery.

CompTIA is a leading trade association for the world’s information technology (IT) industry, and their recently released report findings came from more than 650 IT professionals surveyed.  Some of the highlights of the report are:

  • 53 percent of those surveyed expect the use of e-discovery within their organizations to increase over the next five (5) years,
  • 50 percent of organizations surveyed have already developed an e-discovery strategy, either partial or comprehensive, and
  • 26 percent indicate that their organization has no official e-discovery strategy but have engaged in e-discovery processes informally.

The CompTIA survey also identified situations that most often trigger the use of e-discovery. They include:

  • Investigating an employee suspected of violating company rules (cited by 66 percent of survey respondents)
  • Security breach stemming from an outside threat (62 percent)
  • Pending lawsuit (60 percent)
  • Intentional internal security breach (53 percent)
  • Unintentional internal security breach (44 percent)

Please pass this information along to the risk management team members of your organization.

To read more about this report, click here.

Disaster Recovery — Lessons Learned

By Lisa C. DuBrock  

Frequently when a disaster happens, such as the earthquake in Haiti, the media’s talking points quickly turn from the amount of devastation the disaster caused to how slow the relief effort has been. I’ve always thought that unfair.

In reality, the required food, water, and shelter don’t just magically appear — rather a massive logistics effort needs to get mounted, coordinated and managed. Not easy, when you are attempting to manage an international relief effort.

The attached link for a Wired May 2010 article titled “Organizing Armageddon” details one such relief effort — that of the Haitian Earthquake, what we learned from it, and what we have learned from a listing of other past disasters.

The author, Vince Beiser, paints a vivid picture of the life of an emergency responder, both the work that they do and the decisions they need to make. I certainly believe that after reading this story, you will never again question why the relief seems to be taking a long time.

It might be good for you to also pass this along to your organization’s business continuity and disaster recovery team members considering updating or compliance monitoring their contingency and risk management plans this fiscal year.

Preparedness and Readiness and the Gulf Oil Spill

The oil spill in the Gulf of Mexico has exposed the world to the fact that this industry seems to lack the level of readiness necessary to mitigate the many and challenging risks of deep-water oil exploration projects.  This was the position taken in a recent article published on the Homeland Security Newswire website.  (Read more…)

Nonetheless, it is not the purpose of this posting to directly address all of the many issues based on the history surrounding the decision to launch the Deepwater Horizon rig project, the current steps being taken to contain this oil spill as much as possible to minimize the damage to the environment, nor the future actions or decisions pending regarding this incident.

Rather, the purpose of this story is to point out to disaster recovery team members that, as events and decisions unfold regarding the oil spill in the Gulf of Mexico, business continuity, disaster recovery and risk management managers need to observe this unfortunate occurrence as if it were a BC/DR management case study and take from it those actions or inactions that might be valuable inputs to their own organization’s disaster recovery planning efforts.

Issues such as compliance risks, contingency plans, business continuity planning, risk management policies and procedures and disaster recovery training are just a few of the areas that would apply.

To stay on top of the many developments in this disaster recovery and containment effort in the Gulf of Mexico, we would also advise our readers to click here for ongoing situation reports on this oil spill matter or click here to view the Official Site of the Deep Water Horizon Unified Command.